CS110 Support Info
Virus


Version Information concerning my antivirus protection:

My computer began wanting to visit a web page. I kept getting the message below:

So I ran a complete scan of my system:

Went on-line to AVG Virus Definition Page

Virus: Downloader.Agent.AS, AVG did not have an exact definition.

Google search on the virus

How do you get rid of the trojan horse Downloader Agent P virus when AVG can detect it but cannot heal or remove it?

This Downloader Viruses question was last updated on June 08, 2004, at 11:38 am. Popularity in Downloader Viruses FAQ: 247.

  • Question by John Bentley asked on April 26, 2004, at 3:22 pm.
    How do you get rid of the trojan horse Downloader Agent P virus when AVG can detect it but cannot heal or remove it?

     
  • Answer by Bob (Bugaboobobsworld@ThisisToPreventSpam-DFT-RemoveThis.yahoo.com) contributed on June 04, 2004, at 07:23am. Last updated on June 04, 2004, at 7:56pm.
    Here's what I know about "downloader.agent":

    1/ The file-name extension (after the 2nd decimal point) varies, such as "Downloader.Agent.A", "Downloader.Agent.AS", "Downloader.Agent.MM", etc. So far I've found at least 50 different extensions.

    2/ It creates the file "Kernell32.exe" in Windows, which is NOT a Microsoft Windows file. This file overwrites your main Dynamic Link Library file (Kernell32.dll), which controls memory allocation for programs, ability to display images, and browser functionality.

    3/ It alters the files: "Autoexec.bat", "Config.sys", and "Command.com". These are the critical files to start your machine.

    4/ It creates a directory from the C:\ prompt called: "_restore\temp". You will find hundreds of files in here with a ".CPY" extension, which are NOT part of Windows. It is a log of your activity which is transmitted to someplace called the "Kazaa Network" through Outlook without your knowledge every time you log on. If you're on DSL, you are transmitting constantly without knowing it. This is what slows down your page loading and prevents you from using icons on your desktop.

    It also creates a sub-folder in Windows called "Plaxo". (C:\Windows\Plaxo). In here, you will find more CPY files, and a file called "Plaxo.Log". If you view this file, you will see a record of every single thing you've done since inheriting the virus. To view it, open your MS-DOS prompt, change the directory to c:\windows\plaxo, and then type in: TYPE PLAXO.LOG | MORE

    (the | is the "pipe" sign above your backslash which lets you view the file one page at a time.)

    By viewing this file, you can pinpoint the date/time you caught the virus.

    It is impossible to delete the infected files, since they are in use by Windows and access is denied. Even if you change the properties of the files to delete them, Windows will not work properly since key Windows files have been altered.

    The only answer I've found so far to get rid of it, unfortunately, is to save all your user files on floppies or burn them to a CD, and RESTORE Windows from your Restore disc or Microsoft Windows disc.

    I repair PCs, and have worked on more than a dozen machines in the past month all with this same problem.

    Hope this helps.

    Bob